AWS Certified Cloud Practitioner — Question 4

A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon EC2 instances, and Amazon RDS.
Which security measures fall under the responsibility of AWS? (Choose two.)

Answer options

• A. Running a virus scan on EC2 instances
• B. Protecting against IP spoofing and packet sniffing
• C. Installing the latest security patches on the RDS instance
• D. Encrypting communication between the EC2 instances and the Elastic Load Balancer
• E. Configuring a security group and a network access control list (NACL) for EC2 instances

Correct answer: B, C

Explanation

Answer B is correct because AWS is responsible for protecting the infrastructure, which includes safeguarding against threats like IP spoofing and packet sniffing. Answer C is also correct as AWS manages the underlying infrastructure, including applying security patches to RDS. The other options, such as running virus scans, installing patches on EC2, and configuring security groups, are the user's responsibility.